diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/remote_interaction_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 3 |
2 files changed, 11 insertions, 4 deletions
diff --git a/app/controllers/remote_interaction_controller.rb b/app/controllers/remote_interaction_controller.rb index b1b304055..aa8f73ac8 100644 --- a/app/controllers/remote_interaction_controller.rb +++ b/app/controllers/remote_interaction_controller.rb @@ -24,7 +24,7 @@ class RemoteInteractionController < ApplicationController if Favourite.where(account: current_account, status: @status).exists? UnfavouriteService.new.call(current_account, @status) else - FavouriteService.new.call(current_account, @status) + FavouriteService.new.call(current_account, @status, skip_authorize: true) end when 'follow' FollowService.new.call(current_account, @status.account) @@ -32,7 +32,7 @@ class RemoteInteractionController < ApplicationController UnfollowService.new.call(current_account, @status.account) end - redirect_to TagManager.instance.url_for(@status) + redirect_to short_account_status_url(@status.account.username, @status.id, key: @sharekey) end private @@ -47,7 +47,13 @@ class RemoteInteractionController < ApplicationController def set_status @status = Status.find(params[:id]) - authorize @status, :show? + @sharekey = params[:key] + + if @status.sharekey.present? && @sharekey == @status.sharekey + skip_authorization + else + authorize @status, :show? + end rescue Mastodon::NotPermittedError # Reraise in order to get a 404 raise ActiveRecord::RecordNotFound diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 3a6f68db5..6fd937f8d 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -190,8 +190,9 @@ class StatusesController < ApplicationController @status = @account.statuses.find(params[:id]) @stream_entry = @status.stream_entry @type = @stream_entry.activity_type.downcase + @sharekey = params[:key] - if @status.sharekey.present? && params[:key] == @status.sharekey + if @status.sharekey.present? && @sharekey == @status.sharekey skip_authorization else authorize @status, :show? |